Policy-Based Virtual Routing and Forwarding (vrf) Assignment

1. A network switch device for use in a computer network, the switch device comprising: a plurality of network interfaces configured to receive and transmit packet based communications within a computer network, the plurality of network interfaces including a first network interface; a virtual router classification engine configured to generate a search key for a packet received at the first network interface using (i) header information obtained from one or more fields of a header of the packet and (ii) additional information associated with the packet, select a rule corresponding to the generated search key, and apply an action associated with the selected rule to the packet, wherein the virtual router classification engine is configured to apply an action associated with the selected rule to the packet at least by assigning a virtual router identifier to the packet; and a packet forwarding engine configured to (i) serve a plurality of organizations forming the computer network, the plurality of organizations including a first organization, and (ii) segregate packet communications within the network switch device of the first organization from packet communications traffic within the network switch device of other organizations in the plurality of organizations based on the virtual router identifier assigned by the virtual router classification engine.

2. The network switch device of claim 1 , further comprising a first memory configured to store rules used to assign a plurality of virtual routers implemented in the network switch device, wherein the virtual routers are configured to segregate packet communications, and wherein the virtual router classification engine is configured to select the rule corresponding to the generated search key at least by accessing the first memory.

3. The network switch device of claim 2 , wherein the first memory is a TCAM (Ternary Content-Addressable Memory).

4. The network switch device of claim 2 , further comprising a second memory configured to store a plurality of action entries, wherein each of the plurality of action entries associates a rule to an action, and wherein the virtual router classification engine is configured to apply the action associated with the selected rule to the packet at least by accessing the second memory.

5. The network switch device of claim 1 , wherein the packet forwarding engine comprises a router engine configured to (a) implement a plurality of virtual routers, (b) select one virtual router corresponding to the virtual router identifier assigned by the virtual router classification engine, and (c) use the one virtual router to determine that the packet is to be forwarded to a second network interface for transmission.

6. The network switch device of claim 1 , wherein: the header information includes one or both of (i) a source Internet Protocol (IP) address of the packet, and (ii) a destination IP address of the header of the packet; and the additional information associated with the packet includes additional header information obtained from the one or more fields of the header of the packet, the additional header information including at least one type of additional information selected from the group consisting of a source MAC (Media Access Control) address of the packet, a destination MAC address of the packet, a source TCP (Transmission Control Protocol) port of the packet, a destination TCP port of the packet, a source UDP (User Datagram Protocol) port of the packet, a destination UDP port of the packet, and a VLAN (Virtual Local Area Network) tag of a VLAN corresponding to the packet.

7. The network switch device of claim 1 , wherein: the header information includes one or both of (i) a source Internet Protocol (IP) address of the packet, and (ii) a destination IP address of the header of the packet; and the additional information associated with the packet includes an indication of a port of the network switch device via which the packet ingressed.

8. The network switch device of claim 1 , further comprising a header parser engine configured to obtain the header information.

9. The network switch device of claim 8 , wherein the additional information associated with the packet includes additional header information associated with one or more additional fields of the header of the packet, and wherein the header parser engine is further configured to obtain the additional header information.

10. A method for forwarding a packet in a network switch device, the method comprising: generating a search key, for a packet received at a first network interface of a plurality of network interfaces of the network switch device, using (i) header information obtained from one or more fields of a header of the packet and (ii) additional information associated with the packet; selecting a rule corresponding to the generated search key; applying an action associated with the selected rule to the packet, wherein applying an action associated with the selected rule to the packet includes assigning a virtual router identifier to the packet; and segregating, within the network switch device and based on the assigned virtual router identifier, packet communications of a first organization in a plurality of organizations forming a computer network from packet communications traffic of other organizations in the plurality of organizations.

11. The method of claim 10 , wherein selecting a rule corresponding to the generated search key comprises selecting a rule corresponding to the generated search key by accessing a first memory.

12. The method of claim 11 , wherein selecting a rule corresponding to the generated search key comprises searching a TCAM (Ternary Content-Addressable Memory) using the generated search key.

13. The method of claim 11 , wherein applying an action associated with the selected rule to the packet includes accessing an action table in a second memory.

14. The method of claim 10 , wherein generating a search key includes generating the search key using: one or both of (i) a source Internet Protocol (IP) address obtained from the one or more fields of the header of the packet and (ii) a destination IP address obtained from the one or more fields of the header of the packet; and additional information associated with the packet that includes at least one type of additional information selected from the group consisting of a source MAC (Media Access Control) address of the packet, a destination MAC address of the packet, a source TCP (Transmission Control Protocol) port of the packet, a destination TCP port of the packet, a source UDP (User Datagram Protocol) port of the packet, a destination UDP port of the packet, and a VLAN (Virtual Local Area Network) tag of a VLAN corresponding to the packet.

15. The method of claim 10 , wherein generating a search key includes generating the search key using: one or both of (i) a source Internet Protocol (IP) address obtained from the one or more fields of the header of the packet and (ii) a destination IP address obtained from the one or more fields of the header of the packet; and additional information associated with the packet that includes an indication of a port of the network switch device via which the packet ingressed.

16. The method of claim 10 , wherein segregating packet communications of the first organization from packet communications traffic of other organizations comprises: using one virtual router from a plurality of virtual routers to determine a second network interface of the switch device, wherein the one virtual router corresponds to the assigned virtual router identifier; and forwarding the packet to the second network interface for transmission.

17. The method of claim 10 , wherein segregating packet communications of the first organization from packet communications traffic of other organizations comprises: using a router engine configured to implement a plurality of virtual routers; selecting one virtual router corresponding to the assigned virtual router identifier; and using the one virtual router to determine that the packet is to be forwarded to a second network interface for transmission.

18. A plurality of machine readable instructions stored on a non-transitory computer-readable medium, the plurality of machine readable instructions, when executed by a processor, causing the processor to: generate a search key, for a packet received at a first network interface of a plurality of network interfaces of a network switch device, using (i) header information obtained from one or more fields of a header of the packet and (ii) additional information associated with the packet; select a rule corresponding to the generated search key; apply an action associated with the selected rule to the packet, wherein the instructions cause the processor to apply the action associated with the selected rule to the packet at least by assigning a virtual router identifier to the packet; and segregate, within the network switch device and based on the assigned virtual router identifier, packet communications of a first organization in a plurality of organizations forming a computer network from packet communications traffic of other organizations in the plurality of organizations.